
Kerry Osborne

Senior Oracle Guy


Caveats

  • The opinions expressed are mine …

  • I’m an old guy

  • I am biased towards Oracle technology

  • I have not drunk too much of the Kool-Aid


Why Identity Management?

My Totally Unscientific Survey

  • ~40 companies

  • ~90% public

  • ~40% over $1B

    ~95% are interested in Identity Management


Why Identity Management?

  • Users are frustrated

  • SOX is Scary

  • Need to Reduce Costs

  • It’s Complicated


Why Oracle Identity Management?

[Diagram: OID, Oracle Database, Oracle Identity Management]


Oracle Internet Directory (OID)

  • v3 compliant LDAP server

  • Built on Oracle Database

    • Scalable

    • Performant

    • Highly Available


Speaking of eggs

  • Is it better to have all your eggs in one basket, or not?



Squirrel and Fort Knox

  • Squirrel’s Approach

    • He puts nuts in lots of places.

    • They are totally insecure. Therefore, he needs lots of holes.

    • He has lots of nuts. Therefore, he doesn’t care if he loses some.

  • Fort Knox Approach

    • Put all the gold bullion in one place and lock it down.

    • Can’t afford to lose any.

    • Not enough manpower to guard many locations.


Back to the Future

Traditional Database Systems

  • Usually authenticated by the database

  • Yielded lots of silos

  • Usually not directly associated with a person


Two Common Security Models

  • Every user has his own database account

    • Full access to base tables must be granted

    • Access to ad-hoc tools must be limited

    • Can make use of advanced Oracle features

      OR

  • Users log on to a proxy account

    • Better approach generally (see caveat 1.0)

    • Not necessary for user to know the actual account

    • Easier to convert to centralized authentication


Case Study #1

Document Management / Workflow Application

Problem:

  • Build a document management system capable of handling millions of documents from paper to searchable XML database.

  • The application should support multiple groupings of users with multiple responsibilities.

  • Provide a very flexible routing/approval infrastructure.


Case Study #1

Architecture:

  • Oracle Database using Oracle Text

  • Java application to access the final database

  • Oracle Forms

  • Oracle Workflow


Case Study #1

Solution:

  • Use the proxy security model, whereby all users log on to a common database account.

    • Use OID for authentication

    • Create a table of users

    • Synchronize application users table with OID via triggers

    • No need for password field in users table

    • Create view of users table for Workflow
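
One way the trigger-based synchronization above could look, as an added example that is not from the presentation: an insert into the application users table is pushed to OID with Oracle's DBMS_LDAP package, and Workflow reads the same rows through a view. The column layout, host name, DNs, sync account and bind-password placeholder are all constructed for illustration.

```sql
-- Added example, not from the presentation. Constructed names: app_users
-- columns, oid.example.com, the DNs and the bind-password placeholder.
CREATE TABLE app_users (
  username VARCHAR2(64) PRIMARY KEY
    -- usernames are concatenated into a DN below, so restrict the alphabet
    CHECK (REGEXP_LIKE(username, '^[A-Za-z0-9._-]+$')),
  email    VARCHAR2(256) NOT NULL
  -- no password column: OID authenticates, this table only describes users
);

CREATE OR REPLACE TRIGGER app_users_to_oid
AFTER INSERT ON app_users
FOR EACH ROW
DECLARE
  l_ld    DBMS_LDAP.session;
  l_mods  DBMS_LDAP.mod_array;
  l_vals  DBMS_LDAP.string_collection;
  l_rc    PLS_INTEGER;
BEGIN
  DBMS_LDAP.use_exception := TRUE;  -- LDAP failures raise and abort the insert
  l_ld := DBMS_LDAP.init('oid.example.com', 389);
  -- Dedicated sync account; plain 389 shown for brevity, use an SSL
  -- connection so the bind password does not cross the network in clear.
  l_rc := DBMS_LDAP.simple_bind_s(l_ld,
            'cn=app_sync,cn=users,dc=example,dc=com', '<bind-password>');
  l_mods := DBMS_LDAP.create_mod_array(4);
  l_vals(1) := 'top';
  l_vals(2) := 'person';
  l_vals(3) := 'organizationalPerson';
  l_vals(4) := 'inetOrgPerson';
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.mod_add, 'objectclass', l_vals);
  l_vals.DELETE;
  l_vals(1) := :NEW.username;
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.mod_add, 'cn', l_vals);
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.mod_add, 'sn', l_vals);
  l_vals(1) := :NEW.email;
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.mod_add, 'mail', l_vals);
  l_rc := DBMS_LDAP.add_s(l_ld,
            'cn=' || :NEW.username || ',cn=users,dc=example,dc=com', l_mods);
  DBMS_LDAP.free_mod_array(l_mods);
  l_rc := DBMS_LDAP.unbind_s(l_ld);
END;
/

-- Workflow reads the same rows through a view instead of a second copy.
CREATE OR REPLACE VIEW workflow_users_view AS
  SELECT username, email FROM app_users;
```

The LDAP add is not part of the database transaction: if the insert is later rolled back, the directory entry remains and has to be reconciled separately.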


Case Study #1

[Diagram: Forms, App, OID/SSO authentication, Workflow, Workflow_users_view, database trigger, App_users (Username, Email), Workflow_users (Username, Email)]


Case Study #2

Consolidation of Security Models / Authentication

Problem:

  • Numerous custom Oracle-based applications, all with their own security components, make compliance with government regulations difficult.

Architecture:

  • Numerous applications all accessing Oracle.

  • Each application uses individual database account security model.

  • The applications use database roles for security.

  • The client uses Oracle’s Internal Controls Management product.

  • The client plans to implement Oracle Financials.


Case Study #2

Solution:

  • Convert custom applications to “Bolt On” applications in Oracle Financials.

    • Provides a common security model

    • Provides auditing capability

    • Provides a common user interface

    • Provides out of the box integration with OID/SSO


Case Study #2

[Diagram: OID/SSO; Fin Apps (GL, AP, XX1, XX2); XX1 and XX2 each with Users, Roles, Menus; Users (GL_User1, AP_User1, XX1_User1, XX1_User2); Responsibilities (AP Clerk, AP Super User, XX1 Clerk, XX1 Super User)]


Case Study #3

Active Directory Sync / .Net Application

Problem:

  • The users wish to have centralized authentication

    • This will provide users with access to the application, whether they are defined in AD, OID or the application.

Architecture:

  • .Net application

    • The application uses the Proxy Security Model with an internal table of application users.


Case Study #3

Solution:

  • Use OID as the central repository

  • Synchronize OID with AD and the Internal Users Table

  • AD sync accomplished with DIP on a timed basis

  • Database users table sync is bi-directional

    • To OID via database triggers

    • From OID with a timed job using a function-based view (LDAP search)


Case Study #3

[Diagram: .Net application, IIS, Oracle SSO Plug In, Oracle Database, AD, OID/SSO, App_users via trigger, timed event sync, Ldap$users]


Questions?

www.enkitec.com
